0. Compared to a year ago, has it become easier or harder to secure your networking environment?
  1. Easier - 7.1%
  2. Harder - 64.3%
  3. The same - 28.6%

1. In your organisation, which do you consider the greater security risk...?
  1. Insiders (those within the organisation) - 75.0%
  2. Outsiders (external threats) - 25.0%

2. What is the greatest risk to your organisation today? (Rank in order of importance: highest to lowest)
  1. Employees
  2. Virtual workers and/or partners
  3. Vulnerabilities (Systems and/or apps)
  4. Web use (eg widgets and gadgets)
  5. Malware
Enter ALL your choices in order of importance and then press SEND. If you wish to correct your choices press CLEAR and re-enter.

Ranked Results
145, 143, 127, 93, 91
  1. Employees
  2. Virtual workers and/or partners
  3. Vulnerabilities (Systems and/or apps)
  5. Malware
  4. Web use (eg widgets and gadgets)

3. How well integrated is your view of risk in the overall enterprise risk landscape?
  1. Very well - 7.3%
  2. Reasonably well - 29.3%
  3. Could be better - 63.4%

4. How easy is it for you to articulate the impact of these risks and the impact of mitigation financially?
  1. Very well - 2.5%
  2. Reasonably well - 47.5%
  3. Could be better - 50.0%

5. How well do you think that you demonstrate to the business the value of what you do?
  1. Very well - 12.5%
  2. Reasonably well - 40.0%
  3. Could be better - 47.5%

6. How well do you think that you measure the impact of incidents on your organisation?
  1. Very well - 20.0%
  2. Reasonably well - 32.5%
  3. Could be better - 47.5%

7. What is the main driver for security in your company?
  Regulatory demands (SOX etc) - 15.4%
  Managing risk - 30.8%
  Customer demands - 15.4%
  Industry demands (PCI etc..) - 5.1%
  Senior management/board - 5.1%
  Auditors - 2.6%
  All of the above - 20.5%
  None of the above - 5.1%

8. What are the main obstacles in doing your job? (Rank in order of importance: highest to lowest)
  Budget
  Time
  Personnel
  Insufficient technology
  Lengthy hardware/software implementations
  Reporting requirements
  Unhelpful media coverage on security
  My own incompetence
Enter ALL your choices in order of importance and then press SEND. If you wish to correct your choices press CLEAR and re-enter.

Ranked Results
214, 212, 209, 144, 136, 109, 195, 68
  Time
  Personnel
  Budget
  Lengthy hardware/software implementations
  Insufficient technology
  Reporting requirements
  Unhelpful media coverage on security
  My own incompetence

9. What is your view on software as a service? Will it displace enterprise software?
  1. Yes - 50.0%
  2. No - 50.0%

10. What proportion of your team’s time is dedicated to meeting security compliance requirements?
  1. Less than 15% - 34.1%
  2. 15% to 24% - 31.7%
  3. 25% to 39% - 7.3%
  4. 40% to 59% - 14.6%
  5. 60% or greater - 12.2%

11. The greatest consequence of a card data security breach is to....
  1. Brand reputation - 12.5%
  2. Company finance - 5.0%
  3. Customer finance and identity - 2.5%
  4. My job - 2.5%
  5. All of the above - 17.5%

12. What does security convergence mean to you?
  1. Physical Security and Information Security - 16.7%
  2. Audit & Compliance Business Continuity & Information Security - 40.5%
  3. Network/IT Security and Information Security - 16.7%
  4. Financial crime - 0.0%
  5. All of the above - 26.2%

13. What is your approach to Business Continuity Planning for your organisation?
  1. Integrated plan led by the CSO - 28.2%
  2. Integrated plan led by another unit - 25.6%
  3. Separate plans by organisational responsibility - 38.5%
  4. Only an IT Disaster Recovery plan - 7.7%
  5. Nothing formal - 0.0%

14. Does Software as a service help make information more secure?
  1. Yes - 34.9%
  2. No - 65.1%

15. How would you assess Information leakage for your organisation?
  1. A serious problem - 4.2%
  2. A problem but not an immediate concern - 5.2%
  3. Not an Issue - 4.8%
  4. Can't say - 4.8%

16. Do you believe there are adequate controls in your organisation to deal with data theft?
  1. There are controls but they are not robust - 67.4%
  2. We have an effective control process in place to counter this risk - 9.3%
  3. We have no controls in place - 14.0%
  4. We have not assessed this as an issue - 9.3%

17. Do you know where your customer data is stored and can you protect it from being stolen?
  1. We know where our data is and have controls to prevent its theft - 32.5%
  2. We have some idea where our data is and limited controls - 60.0%
  3. We have no idea where our data is and no controls - 0.0%
  4. We are working on this - 7.5%

18. Has your company deployed or is it considering deploying a Software as a service solution?
  1. Has already deployed - 42.9%
  2. Is considering - 31.4%
  3. Is not considering - 25.7%

19. How mature is your IT Security budgeting and accounting process?
  1. Very mature — we budget for everything in detail and measure ROI - 5.7%
  2. Mature — we budget for everything but in broad-brush terms, but do not really have an accurate ROI - 37.1%
  3. Growing — we recognise the need for accurate budgets and to prove value for money, and we are developing a process - 37.1%
  4. Scarce — we just throw money at the latest fire and live from day to day! - 20.0%

20. How well have the card schemes, acquirers and the PCI Security Standards Council publicised the Data Security Standard and its implications?
  1. Not at all: what's PCI?
  2. Poorly: my acquirer sent me one letter - 26%
  3. Well: I have had detailed information from my acquirer and the PCI Security Standards Council
  4. Excessively: I am fed up of them going on about it
  5. Not relevant
  6. Don’t know

21. What are the intended benefits that go along with security convergence?
  Better Audit & Compliance adherence - 95,055
  Process Improvements - 13.994
  Cost Reduction - 8.3%
  The board has a “single throat to throttle” - 5.6%
  All of the above - 44.4%
  None of the above - 2.8%

22. How often do you conduct a practice of the Business Continuity Plan?
  1. Complete practice once a year - 20.0%
  2. Partial practice once a year - 25.1%
  3. Complete practice every 5 years - 0.0%
  4. No complete practice - 34.3%
  5. No practice at all - 20.0%

  None
  1-2
  3-4
  5-6 - 0.6%
  7+ - 13.9%
  Don’t know - 11.1%

27.8%, 22.2%, 19.4%

  None - 35.3%
  1-2 - 29.4%
  3-4 - 23.5%
  5-6 - 2.9%
  7+ - 0.0%
  Don’t know - 8.8%

25. What is your company's position on green IT?
  1. We do not really have one - &2.9%
  2. We are addressing in our data centres only - 2.9%
  3. We are addressing in all areas of our organisation - 34.3%

26. What is your view of third party IT resources such as co-location and software as a service?
  1. They make our use of IT more reliable and secure - 23.2%
  2. They make no difference to IT security and reliability - 3.3%
  3. They make our use of IT less reliable and secure - 26.5%

27. What is your view of using the internet for critical business communications?
  1. It is good for our business and we can make internet communication secure - 54.3%
  2. We have to use, but consider to be inherently insecure - 37.1%
  3. We avoid use as it is unreliable and insecure - 8.6%

28. Which of the following measures do you use or consider valid when presenting the business case for IT Security?
  1. Reduction in theft, loss and fraud
  2. Avoidance of breaches of law or regulation with associated fines and adverse publicity
  3. Increased availability of business-critical information and business efficiency
  4. Avoidance of harm to reputation
  5. Use of secure business environment as positive marketing differentiator
29%

29. How reasonable are the requirements of the PCI Data Security Standard?
  1. Not at all: much too stringent - 6.5%
  2. Fairly: most are reasonable but a few are excessive - 25.8%
  3. Completely reasonable: they represent good practice - 25.8%
  4. Too reasonable: they should be made stronger - 6.5%
  5. Don’t know - 35.5%

30. How clear are the requirements of the PCI Data Security Standard?
  1. Not at all: many are vague - 3.2%
  2. Fairly: mostly clear but several are vague or irrelevant - 29.0%
  3. Quite: almost all the requirements are clear - 16.1%
  4. Very: there are no areas we're not clear about - 6.5%
  5. Don’t know - 45.2%

31. To what extent is your Business Continuity Plan driven by regulatory requirements?
  1. Entirely - 3.3%
  2. Mostly - 20.0%
  3. Slightly - 23.3%
  4. Not at all - 53.3%

32. Do you have staff dedicated to maintaining a Business Continuity Plan?
  1. Yes - 41.9%
  2. No - 8.1%

  None - 3.3%
  1-2 - 10.0%
  3-4 - 23.3%
  5-6 - 3.3%
  7+ - 43.3%
  Don’t know - 16.7%